Anonymous Location Service for Wireless Networks

ABSTRACT

An anonymous location wireless network service for use in a wireless network. The service provides content providers with the location of network users without revealing their identities. The service includes a wireless network having a proxy server, a network communication link to a plurality of web sites, and a wireless communication link to a plurality of handheld devices. The proxy server blocks identity by reading the location and identity information of network devices, generating dummy identifications, relating the dummy identifications to the identity information, storing the relationships in a memory storage, and forwarding the location information and dummy identifications to the global computer network. Upon receiving messages from the global computer network, the proxy server reads the dummy identifications, looks up the related identification information in the memory storage, and forwards the data to the appropriate network devices.

CROSS REFERENCE TO RELATED APPLICATIONS

This is a continuation of U.S. patent application Ser. No. 12/198,346,filed Aug. 26, 2008, which is a continuation of U.S. patent applicationSer. No. 11/375,849, filed Mar. 15, 2006 and now U.S. Pat. No.7,418,503, which is a continuation of U.S. patent application Ser. No.10/819,940, filed Apr. 8, 2004 and now U.S. Pat. No. 7,069,319, which inturn is a continuation of U.S. patent application Ser. No. 09/606,535,filed Jun. 30, 2000 and now U.S. Pat. No. 6,738,808.

BACKGROUND

1. Field of the Invention

The present invention relates to the field of wireless networks, and inparticular, to wireless networks that track the location and identity ofwireless network devices.

2. Background of the Invention

Enhanced wireless 911 (E911) services help ensure that wirelesstelephones provide 911 call centers, or Public Safety Answering Points(PSAPs), with vital information necessary to locate and identify acaller in an emergency. To comply with E911 standards promulgated by theFederal Communications Commission (FCC), wireless network providers willsoon be required to track the location and identity information of allwireless callers, with the purpose of providing such information toemergency personnel when a caller dials 911 from a wireless telephone.The FCC's wireless E911 rules require certain Commercial Mobile RadioServices (CMRS) carriers to begin transmission of enhanced location andidentity information in two phases. Phase I requires carriers totransmit a caller's telephone number and general location to a PSAP.Phase I1 requires carriers to provide more precise location informationto the PSAP.

Under the FCC rules, wireless networks and the corresponding wirelesshandheld devices, such as cellular telephones, will provide both theidentity and location of the caller to a 911 dispatcher. To provide acaller's identity, the wireless handheld device will furnish a deviceidentification, e.g., a mobile identification number (MIN), indicatingin most instances the telephone number of the device. The wirelessnetwork and wireless handheld devices will provide the location ofcallers using a network-based location system (e.g., triangulation),global positioning systems (GPSs) within the handheld devices, or acombination of the two systems.

In emergency situations, quickly communicating this location andidentity information is an invaluable, life-saving tool. Indeed,although the location and identity information is generally perceived asprivate information, the public policy behind the E911 regulationsfavors disclosing such private information in hopes of administering theaid a caller needs in an emergency. However, outside of emergencies,most cellular device users view their location and identity informationas intimately private, and express strong reservations againstinvoluntary and automatic disclosures such information.

These reservations are not without, merit, as wireless network providershave several ways to exploit the location and identity information ofnetwork users. For example, a network provider could furnish a retailerwith the identities of network users near the retailer's store, so thatthe retailer, in turn; could send an advertisement to the devices of thenearby network users, encouraging them to stop in and shop at the store.Knowing the identity of a network user, the retailer could also accessprofiling information on the user from data sources such as auxiliarymarketing databases or historical databases chronicling previousbusiness with the user. The profiling information would allow theretailer to provide targeted advertisements that are more likely toattract the user's business. However, in providing the identityinformation necessary for these targeted advertisements, the wirelessnetwork provider risks offending the network users with a significantinvasion of privacy.

The wireless network provider therefore faces a dilemma in satisfyingtwo customers with opposing interests: 1) the network users who desirereasonable privacy, and 2) the content providers (e.g., businesses andadvertisers) who aim to appeal to the network users by obtaining as muchinformation about the network users as possible. Thus, to appease bothcustomers, a wireless network provider must provide enough informationto content providers to promote effective content delivery andadvertising, but at the same time must limit such information to guardthe network users' privacy

SUMMARY OF THE INVENTION

The present invention is an anonymous location wireless network servicefor use in a wireless network that tracks the location and identity ofnetwork users, such as networks complying with the E911 standards. Theanonymous location wireless network service provides content providers(e.g., businesses and advertisers) with the location information ofnetwork users without revealing the identity of those network users. Theservice enables content providers to deliver (or “push”) advertisementsthat appeal to a certain class of network users based on location. Forexample, a class of network users could include users in locationsconvenient to the business's store or to users who have similarinterests and who assemble in a single location, e.g., fans attending asporting event at a stadium. The, service also enables network users toquery content providers to obtain information about the local area fromwhich they are transmitting (referred to herein as “pull messaging”).Most importantly though, with either push or pull messaging, the serviceprevents the content provider from learning the identity of a networkuser and maintains this vital information in strict privacy.

In a preferred embodiment of the present invention, the anonymouslocation wireless network service includes a wireless network having aproxy server, a network communication link to a plurality of web sites,and a wireless communication link to a plurality of handheld devices.The proxy server includes a memory storage, as an integral or separatecomponent, for storing the device identifications (e.g., MINs—mobileidentification numbers) and dummy identifications of network users.

To provide location information, the overall system architecture of thepresent invention includes a location system. The location systemprovides the wireless network with position coordinates of a handhelddevice that indicate where a network user is located. The locationsystem can be a part of the wireless network, can be contained in thehandheld devices, or can be a combination of the two. In the preferredembodiment of the present invention, the location system is both a partof the wireless network and is also contained in the handheld devices.For example, a suitable method of determining location as a part of thewireless network is by a Wireless Access Protocol (WAP) locationservice, or perhaps by triangulation across cell sites or cell sectors.An example of a suitable location system in the handheld devices is aGPS.

In the preferred embodiment of the present invention, the proxy serverperforms the identity blocking function. Preferably, the proxy serverreads the location and identity information of network users, generatesa dummy identification, relates the dummy identification to the identityinformation, stores the relationship in the memory storage, and forwardsthe location information and dummy identification to the contentprovider in the global computer network. Upon receiving return messagesfrom the global computer network, the proxy server reads the dummyidentification, looks up the related identity information in the memorystorage, and forwards the data to the appropriate network user.

As an alternate preferred embodiment of the present invention, insteadof using a different dummy identification for the device identificationof each device, the dummy identification corresponds to the location ofthe device. Thus, the proxy server substitutes the location of a devicefor the identity information and stores the relationship between thedevice location and device identification in memory. The substitutedlocation could be the same for multiple devices. In this manner, thecontent provider's response would be a different content addressed toeach location. In turn, the proxy server would look up in the memorystorage the devices marked with the location to which the contentprovider addressed the content, would determine the corresponding deviceidentification of each device marked with the location, and would returneach different content to the corresponding devices.

In blocking identity, the proxy server acts as an intermediary betweenthe plurality of handheld devices and the global computer network toprovide security, administrative control, and caching service (e.g.,caches material from popular web sites to reduce access times).Preferably, the proxy server is associated with or is part of a gatewayserver that separates the wireless network from the Internet. The proxyserver could also be associated with a firewall server that separatesthe wireless network from the public network.

The proxy server communicates with the plurality of handheld devicesthrough the wireless communication link. The proxy server providesrouting selection (i.e., what transport bearer is to be used), accesscontrol, addressing, protocol conversion (i.e., WML text to WML binary),caching, and transport interface between wireless and wired networks(e.g., WAP stack to traditional IP stack, HTTP/TCP/IP). The proxy serverruns one or more of the general operating systems, such as Windows 95™,Macintosh™, or UNIX™.

Accordingly, it is an object of the present invention to block identityinformation on wireless networks that track location and identityinformation, such as wireless networks that comply with E911 standards.

Another object of the present invention is to provide content providers(e.g., businesses and advertisers) with the location information ofwireless network users without revealing the identity of those networkusers.

Another object of the present invention is to protect the identity ofwireless network users while still providing a content provider withenough information to promote effective targeted content delivery (e.g.,advertising).

Another object of the present invention is to allow wireless networkusers to query content providers for information relating to aparticular location without revealing their identities.

These and other objects of the present invention are described ingreater detail in the detailed description of the invention, theappended drawings, and the attached claims.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a system architecture that provides theanonymous location service according to a preferred embodiment of thepresent invention.

FIG. 2 a is a schematic diagram of the system architecture illustratedin FIG. 1, showing the provision of an anonymous location service forpull messaging.

FIG. 2 b is a flow chart corresponding to FIG. 2 a, which traces thesteps for providing anonymous location service for pull messaging.

FIG. 2 c is a schematic diagram of a specific implementation of thepreferred embodiment of the anonymous location service of FIG. 2 a forpull messaging.

FIG. 3 a is a schematic diagram of the system architecture illustratedin FIG. 1, showing the provision of an anonymous location service forpush messaging.

FIG. 3 b is a flow chart corresponding to FIG. 3 a, which traces thesteps for providing anonymous location service for push messaging.

FIG. 3 c is a schematic diagram of a specific implementation of thepreferred embodiment of the anonymous location service of FIG. 2 a forpush messaging.

FIG. 4 is a schematic diagram of an alternate embodiment of the systemarchitecture illustrated in FIG. 1, in which the proxy server is used tocontrol the delivery of web page banner advertisements.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is an anonymous location service for use in awireless network that tracks the location and identity of network users.The anonymous location service blocks the identity of a network user andprovides only location information to a content provider. The presentinvention contemplates future enhanced digital cellular networks, inwhich network users will use digital cellular handheld devices to accessdata from a global computer network, and in which digital cellularnetwork providers will track the identity and location of each networkuser.

Referring to FIG. 1, the primary components of the present inventioninclude a proxy server 100, memory storage 102, a network communicationlink 104 to a plurality of web sites, and a wireless communication link106 to a plurality of handheld devices 112. Each of these components isa part of a wireless network 110.

The system architecture in which the present invention operates furtherincludes a plurality of handheld devices 112 in communication withwireless communication link 106, a global computer network 114 incommunication with network communication link 104, and a plurality ofweb sites 116 and a plurality of content providers 118 in communicationwith global computer network 114. To track the location of wirelesshandheld devices 112, the system architecture includes one or both ofhandheld location systems (e.g., GPS) 120 or a network-based locationsystem 122. Handheld location systems 120 are provisioned in wirelesshandheld devices 112 while network-based location system 122 is a partof wireless network 110, in communication with proxy server 100.

Proxy server 100 is essential to the present invention. Specifically,proxy server 100 receives, in conjunction with data messages, thelocation and identity information of wireless handheld devices 112,generates dummy identifications and substitutes the dummyidentifications for the device identifications of devices 112, recordsthe dummy identifications and their associated device identifications inmemory storage 102, and forwards the data messaging with the location,information and dummy identification to web sites 116 and contentproviders 118 via global computer network 114. On the return path, proxyserver 100 receives a return data message from web sites 116 and contentproviders 118, reads the dummy identifications, consults memory storage102 to determine the device identification that corresponds to the dummyidentification, replaces the dummy identification with the deviceidentification, and forwards the return data message to the appropriatewireless handheld device.

In the preferred embodiment of the present invention, proxy server 100is a server that is dedicated to providing wireless handheld devices 112with access to global computer network 114, and ultimately withinformation content available from web sites 116 and content providers118. More preferably, proxy server 100 is a Wireless ApplicationProtocol (WAP) server. WAP is an application environment and set ofcommunication protocols for wireless devices designed to enablemanufacturer-, vendor-, and technology-independent access to theInternet and advanced telephony services. WAP provides wireless Internetaccess through all digital cellular networks, giving network users amenu driven method for downloading information, such as flight schedulesand bank balances, to cellular telephones from the Internet. WAP isdescribed in WAP version 1.1, which is herein incorporated by referencein its entirety.

Memory storage 102 is a database or other memory storage device that canrecord relationships between device identifications (e.g., MINs) anddummy identifications.

Although shown as a separate component in FIG. 1, memory storage 102could be contained in proxy server 100.

Wireless handheld devices 112 operate over wireless network 110 andprovide means by which to exchange text data. Familiar examples includeinteractive pagers and cellular telephones with text messagingcapabilities. Preferably, devices 112 are WAP-compatible thin clientshaving thin browsers adapted to communicate with proxy server 100 and toaccess global computer network 114. Global computer network 114 ispreferably the Internet.

The plurality of web sites 116 and the plurality of content providers118 are also preferably compatible with WAR Web sites 116 and contentproviders 118 communicate with devices 112 through global computernetwork 114 and wireless network 110. As with traditional web sites,content providers 118 and web sites 116 can transmit data to devices 112in response to a query, or on their own initiative as a push message.

Handheld location system 120 and network-based location system 122provide proxy server 100 with the locations of wireless handheld devices112. Depending on the desired degree of accuracy, one or both of thelocation systems can be used to determine a device's location. Thepreferred embodiment of handheld location system 120 is individual GPSsprovisioned in wireless handheld devices 112. The preferred embodimentof network-based location system 122 is a WA location service.

With proxy server 100 providing the identity blocking function of thepresent invention, there are an unlimited number of applications for theanonymous location service. For clarity, set forth below are twoexamples of how the preferred embodiment of the present invention isimplemented in different situations: 1) in response to a network user'squery for information related to her location (pull messaging), or 2) inresponse to a content provide's desire to push messages to network usersin a particular location (push messaging). In each example, proxy server100 receives the location and identity information of wireless handhelddevices 112 and forwards only the location information to web sites 116and content providers 118 via global computer network 114. Proxy server100 obtains the location and identity information of devices 112 bymonitoring a user's accessing of the network (e.g., browsing theinternet), by querying devices 112 on its own initiative, or by queryingdevices 112 at the request of web sites 116 and content providers 118.

Although these examples best illustrate the identification blockingfeature of the present invention, one of ordinary skill in the art wouldappreciate that the anonymous location service is applicable to otherwireless network messaging situations in which a caller on a networkthat tracks location and identity wishes to keep her identity private.In addition, while the system operation described herein and illustratedin the diagrams and flowcharts contains many specific details, thesespecific details should not be construed as limitations on the scope ofthe invention, but rather as examples of preferred, embodiments thereof.As would be apparent to one of ordinary skill in the art, many othervariations on the system operation are possible, including differentlygrouped and ordered method steps. Accordingly, the scope of theinvention should be determined not by the embodiments illustrated, butby the appended claims and their equivalents.

In the case of a user query (pull messaging), as shown in FIGS. 2 a and2 b, wireless handheld device 200 forwards a query 202 to proxy server100 (step 250 in FIG. 2 b). Query 202 contains the IP address of a website 204 that the user wishes to access, the device identification ofdevice 200, and, if device 200 includes handheld location system 120(e.g., a GPS), the location of the device. Optionally, as shown in step252, if the location system is a part of wireless network 110, proxyserver 100, upon receipt of query 202, obtains the location of device200 from network-based location system 122. Having the location andidentity (e.g., MIN) of handheld wireless device 200, in step 254, proxyserver 100 generates a dummy identification, replaces the deviceidentification with the dummy identification, and relates the deviceidentification to the dummy identification in memory storage 102. instep 256, proxy server 200 then forwards query 206 to the IP address ofweb site 204 through global computer network 114.

In step 258, the web server of web site 204 reads the locationinformation associated with query 206 and formulates an answer based onthe location of device. 200. The web server of web site 204 then returnsan answer message 208 to proxy server 100 through global computernetwork 114, in step 260. Then, in step 262, proxy server 100 reads thedummy identification in answer message 208, consults memory storage 102for the related device identification, and substitutes the deviceidentification for, the dummy identification. Finally, in step 264,proxy server 100 returns answer message 210 to the user's device 200.Thus, by removing and replacing the device identification, proxy server100 blocks the identity of the network user from reaching the externalweb server of web site 204.

FIG. 2 c illustrates a specific implementation of the anonymous locationservice for pull messaging. This specific implementation demonstratesone example of how a web server can be blocked from receiving a user'sidentity, while still receiving and responding to the user'slocation-dependent query. As an example of a typical query, the usercould ask the web server, “Tell me which restaurants are within walkingdistance of my current location.”

As shown in FIG. 2 c, the system architecture for this specificimplementation corresponds generally to the architecture of FIG. 2 a.The dashed lines indicate generally which components of FIG. 2 a relateto those of FIG. 2 c. For example, mobile gateway 270 and privacy agent272 perform the functions of proxy server 100 and memory storage 102.

FIG. 2 c also shows arrows labeled in sequence, indicating theinformation flow and process steps of this specific implementation. Instep 281, a user initiates a query from his wireless device 200 to theweb server of web site 204. The query includes a location request, adevice identification for wireless device 200, and a parameter forlocation preference. The location preference parameter indicates whetherthe user wants his identity forwarded or wants to remain anonymous. Inthis example, the user wants to block his identity. Therefore, in step282, wireless device 200 marks the location preference anonymous. Theuser can execute this anonymous setting by, for example, configuring thedefault preference of wireless device 200, or by selecting a manualoverride (e.g., a menu selection or key sequence).

If wireless device 200 includes a location system, in step 283 a,wireless device 200 requests location information from location system120. In step 283 b, location system 120 provides the locationinformation, which wireless device 200 then incorporates into the queryto web site 204. If wireless device 200 does not include a locationsystem, then wireless device 200 incorporates a location request messagein the query to web site 204. In step 284, wireless device 200 sends thequery to mobile gateway 270.

If wireless device 200 does not have a location system and the queryincludes a location request message, then, in step 286 a, mobile gateway270 queries network-based location system 122 for the location ofwireless device 200. The query to location system 122 references thedevice identification of wireless device 200. In response, network-basedlocation system 122 provides mobile gateway 270 with the locationinformation of wireless device 200, in step 285 .

In step 286 a, as mobile gateway 270 forwards the query to web site 204,privacy agent 272 intercepts the message because it is marked anonymous.In step 286 b, privacy agent 272 replaces the device identification ofwireless device 200 with a dummy identification and forwards the querymessage to web site 204. At the same time, privacy agent 272 records theassociation between the device identification and the dummyidentification.

In step 287, web server 204 receives the query message via globalcomputer network 114 and sends a response back through network 114. Website 204 formulates the response based on the location information, andaddresses the response to the dummy identification.

In step 288, mobile gateway 270 recognizes that the response messageincludes a dummy identification aid queries privacy agent 272 for the“real” device identification of wireless device 200. In step 289,privacy agent 272 finds the device identification associated with thedummy identification and sends the device identification to mobilegateway 270. Finally, in step 290, mobile gateway 270 sends the responsemessage to wireless device 200, as identified by the deviceidentification.

Referring to FIGS. 3 a and 3 b, for push messages, an external webserver, from the plurality of web sites 116 or the plurality of contentproviders 118, delivers messages to network users in a particularlocation, without being prompted by user queries. For example, contentprovider 300 could be a typical Internet advertiser such asDoubleClick™. In such a case, as shown in step 350 in FIG. 3 b, contentprovider 300 forwards a query 302 to proxy server 100 asking proxyserver 100 to monitor for wireless handheld devices 112 that enter aparticular location. In response, in step 352, proxy server 100 readsthe location information of wireless handheld devices 112 that arepowered on. Network-based location system 122, handheld location system120, or a combination of both systems provides this locationinformation.

As shown in step 354, proxy server 100 evaluates whether the locationinformation it reads corresponds to the particular location noted thequery by content provider 300. When the location information matches thelocation corresponding to query 302, proxy server 100 substitutes adummy identification for the device identification of the wirelesshandheld device 304 (step 356), as described above for the user queryexample. Proxy server 100 forwards a notification message 306 to contentprovider 300 including the dummy identification and locationinformation, in step 358. Then, in step 360, content provider 300prepares a content message 308 (e.g., an advertisement), whichreferences the dummy identification, and pushes content message 308 backto proxy server 100. In step 362, proxy server 100 translates the dummyidentification to its corresponding device identification by consultingmemory storage 102. Finally, in step 364, proxy server 100 deliverscontent message 310 to wireless handheld device 304, which is associatedwith a network user in the desired location. Thus, proxy server 100blocks the network user identification so that it never reaches contentprovider 300.

FIG. 3 c illustrates a specific implementation of the anonymous locationservice for push messaging. This specific implementation demonstratesone example of how a web server can be blocked from receiving a user'sidentity, while still receiving the user's location information andforwarding location-dependent messages. As an example, the web server ofcontent provider 304 could provide alerts or content (e.g., banneradvertisements) to a wireless device when the device moves into atargeted area (e.g., a shopping mall).

As shown in FIG. 3 c, the system architecture for this specificimplementation corresponds generally to the architecture of FIG. 3 a.The dashed lines indicate generally which components of FIG. 3 a relateto those of FIG. 3 c. For example, mobile gateway 370 and privacy agent372 perform the functions of proxy server 100 and memory storage 102. Inaddition, as an alternative to the preferred embodiment described inFIGS. 3 a and 3 b, in which proxy server 100 evaluates whether locationinformation matches a targeted area, this specific implementationmonitors for a device in a targeted area using a handheld locationmonitor 374 in handheld location system 120 or a network locationmonitor 375 in network-based location system 122. To help illustratespecific processing functions, this specific implementation alsoincludes handheld location agent 376 as a component of handheld locationsystem 120 and network location agent 377 as a component ofnetwork-based location system 122.

FIG. 3 c also shows arrows labeled in sequence, indicating theinformation flow and process steps of this specific implementation. Theprocess begins under the assumption that wireless device 304 has chosenthe anonymous identity option (i.e., the location preference parameteris equal to anonymous) and that content provider 304 has specified thetargeted areas into which it wants to deliver messages to users. In step381 a, if wireless device 304 includes a handheld location system 120,handheld location agent 376 provides handheld location monitor 374 withthe location of wireless device 304. If wireless device 304 does notinclude a handheld location system, network location agent 377 providesnetwork location monitor 376 with the location of wireless device 304 instep 381 b.

If wireless device 304 includes handheld location system 120, handheldlocation monitor 374 determines that wireless device 304 is within thetargeted area, and has chosen the anonymous option. If wireless device304 does not include handheld location system 120, network locationmonitor 375 determines that wireless device 304 is within the targetedarea and has chosen the anonymous option.

In step 382 a, if wireless device 304 includes handheld location system120, handheld location monitor 374 initiates an “in the area” message inwireless device 304 and forwards the message to content provider 300(through mobile gateway 370). Alternately, if wireless device 304 doesnot include a handheld location system, in step 382 b, network locationmonitor 374 sends an “in the area” message through global computernetwork 114 to content provider 300. In both steps 382 a and 382 b, themessage also includes a device identification for wireless device 200,and a parameter for location preference. The location preferenceparameter indicates whether the user wants his identity forwarded orwants to remain anonymous. In this example, the location preference ismarked anonymous.

In step 383 a, before the message (from either wireless device 304 ornetwork based location system 122) passes to global computer network114, privacy agent 372 intercepts the message because it is markedanonymous. In step 383 b, privacy agent 372 replaces the deviceidentification of wireless device 200 with a dummy identification andforwards the message to content provider 300. At the same time, privacyagent 372 records the association between the device identification andthe dummy identification.

In step 384, content provider 300 receives the “in the area” message viaglobal computer network 114 and sends a response (e.g., an alert orcontent) back through network 114. Web site 204 formulates the responsebased on the location information, and addresses the response to thedummy identification.

In step 385, mobile gateway 370 recognizes that the response messageincludes a dummy identification and queries privacy agent 372 for the“real” device identification of wireless device 304. In step 386,privacy agent 372 finds the device identification associated with thedummy identification and sends the device identification to mobilegateway 370. Finally, in step 387, mobile gateway 370 sends the responsemessage to wireless device 304, as identified by the deviceidentification.

FIG. 3 c illustrates alternative preferred embodiments of communicatinglocation information to an outside party, e.g., content provider 300. Asshown, the communication could be between mobile gateway 370 and contentprovider 300 or could be between network-based location system 122 andcontent provider 300. As one of ordinary skill in the art wouldappreciate, many other solutions to providing this communication arepossible, e.g., by direct communication between wireless device 304 andcontent provider 300.

In the push implementation, proxy server 100 monitors wireless handhelddevices 112 that are powered on. In most instances, a network usersimply turns on his wireless handheld device and leaves the networkinterface open to a web page. The initial accessing of the web page orthe completion of any other wireless transmission (e.g., placing of awireless telephone call) provides proxy server 100 with location andidentity information. In addition, each time the web page automaticallyrefreshes, or each time the network user enters a browse command, proxyserver 100 receives updated location information. In this manner, proxyserver 100 can continually monitor for devices that enter a location towhich an content provider wants to push content messages.

With regard to both push and pull messages, in most cases, proxy server100 preferably removes identity information from a user message beforethe message enters global computer network 114. Removing the identityinformation within wireless network 110 ensures the greatest privacy,yet still accommodates generic network access needs. For example, a website would not need the identity of a network user to provide generaldata, such as stock prices, television guides, and flight schedules. Theweb site would simply respond to a request for this public information,without regard for the identity of the requesting party.

However, in some cases web sites must know the identity of a networkuser to provide private customer-specific information. For example,instead of just stock prices, a network user may want to view theperformance of his particular stock portfolio. The web siteadministering his portfolio would need to know his identity to accessthe correct portfolio data and to provide the data in a securedtransaction. Presumably, the network user would authorize the web siteto receive his identity information under the condition that hisidentity not be passed on to other web sites. However, conflicting withthis conditional authorization, these same web sites often selladvertisements off of their web pages in the form of banner ads.Typically, when the network user opens a web page with a banner ad, theweb site calls out to the advertiser to have an advertisementdownloaded. In this exchange, the advertisers, seeking to maximizeeffectiveness, ask the web sites for as much information about thenetwork user as possible, including location and identity. The danger isthat the web site will relinquish this private identity information tothe advertiser.

FIG. 4 illustrates an alternate embodiment of the invention thatprevents this breach of privacy. Thus, when wireless handheld device 400accesses web site 402 and opens a web page having a banner ad, web site402 calls out to proxy server 100 along path 404, instead of directly tocontent provider 406 along path 408. When proxy server 100 receives therequest to insert a banner ad, proxy server 100 substitutes a dummyidentification for the device identification, as described above, andforwards the dummy identification and location information to contentprovider 406 along path 410. Using the location information, contentprovider 406 returns a targeted content to proxy server 100 along path412. Proxy server 100 translates the dummy identification embedded inthe content into the appropriate device identification, and forwards thecontent and device identification to web site 402 along path 414 a, fordisplay on wireless handheld device 400 along with other contentprovided by web site 402. Alternately, proxy server 100 could forwardthe content directly to wireless handheld device 400 along path 414 b.Therefore, the private identification information never passes to anunauthorized third party.

In an alternate preferred embodiment of the present invention, the dummyidentification that the proxy server associates with a deviceidentification is the location of the device. Thus, instead of using adifferent dummy identification for the device identification of eachdevice, the dummy identification corresponds to a device's location,which could be the same for multiple devices. Thus, the proxy serversubstitutes the location of a device for the identity information andstores the relationship between the device location and deviceidentification in memory. In this manner, the content provider'sresponse would be a different content addressed to each location. Inturn, the proxy server would look up in the memory storage the devicesmarked with the location to which the content provider addressed thecontent, would determine the corresponding device identification of eachdevice marked with the location, and would return each different contentto the corresponding devices.

For example, if devices A and B are in location X and device F is inlocation Y, the proxy server would substitute X for the deviceidentifications of devices A and B, and would substitute Y for thedevice identification of device F. In memory, the proxy server wouldassociate the identifications of devices A and B to X and theidentification of F to Y. The content provider would forward content Xaddressed to X and would forward content Y addressed to Y. Then, theproxy server would read the X and Y addresses, consult the memory fordevice identifications associated with the X and Y addresses(locations), and forward content X to devices A and B and content Y todevice F.

Although discussed above in the context of ordinary web sites, one ofordinary skill in the art would appreciate that the present invention isapplicable to communications beyond HyperText Markup Language (HTML) andWireless Markup Language (WML). Indeed, the present invention isapplicable to such communications as voice calls and video calls. Thetrue spirit and scope of the invention should not be limited to the website embodiments described above, but instead should be defined by theclaims appended hereto, and by their equivalents.

The foregoing disclosure of embodiments of the present invention hasbeen presented for purposes of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formsdisclosed. Many variations and modifications of the embodimentsdescribed herein will be obvious to one of ordinary, skill in the art inlight of the above disclosure. The scope of the invention is to bedefined only by the claims appended hereto, and by their equivalents

1. A proxy server comprising: at least one computer processor; and atleast one tangible computer-readable storage medium having instructionsthat, when executed by the at least one processor, cause the at leastone processor to at least: determine that each of multiple wirelessdevices is associated with a predetermined vicinity; determinerespective identification information corresponding to each of thewireless devices; and associate the respective identificationinformation corresponding to the wireless devices to a dummyidentification in response to determining that each of the wirelessdevices is associated with the predetermined vicinity.
 2. The proxyserver of claim 1, wherein: the multiple wireless devices, the dummyidentification, and the predetermined vicinity are, respectively, firstwireless devices, a first dummy identification, and a firstpredetermined vicinity; and the instructions, when executed by the atleast one processor, further cause the at least one processor to:determine that each of multiple second wireless devices is associatedwith a second predetermined vicinity; determine respectiveidentification information corresponding to each of the second wirelessdevices; and associate the respective identification informationcorresponding to the second wireless devices to a second dummyidentification in response to determining that each of the secondwireless devices is associated with the second predetermined vicinity.3. The proxy server of claim 1, wherein the instructions, when executedby the at least one processor, further cause the at least one processorto: receive a request from a requester relating to the predeterminedvicinity; and send the dummy identification to the requester in responseto (i) receiving the request and (ii) determining that the wirelessdevices are associated with the predetermined vicinity.
 4. The proxyserver of claim 1, wherein the instructions, in causing the at least oneprocessor to associate the respective identification informationcorresponding to the wireless devices to the dummy identification, causethe at least one processor to associate each of the wireless devices tothe dummy identification, wherein the dummy identification is associatedwith the predetermined vicinity.
 5. The proxy server of claim 1, whereinthe instructions, when executed by the at least one processor, furthercause the at least one processor to send, to a requester, the dummyidentification and geographic information corresponding to the wirelessdevices.
 6. The proxy server of claim 1, wherein the respectiveidentification information corresponding to the wireless devicesincludes a distinct device identification corresponding to each of themultiple wireless devices.
 7. The proxy server of claim 1, wherein:associating the respective identification information to the dummyidentification forms an association; and the dummy identification cannotbe used to send messages to the wireless devices without use of theassociation.
 8. The proxy server of claim 1, wherein the dummyidentification associated with the respective identification informationfor the multiple wireless devices is a single dummy identification.
 9. Acomputer-implemented method, for providing a privacy service,comprising: determining, at a tangible proxy server, that each ofmultiple wireless devices is associated with a predetermined vicinity;determining, at the proxy server, respective identification informationcorresponding to each of the wireless devices; and associating, at theproxy server, the respective identification information corresponding tothe wireless devices to a dummy identification in response todetermining that each of the wireless devices is associated with thepredetermined vicinity.
 10. The computer-implemented method of claim 9,wherein: the multiple wireless devices, the dummy identification, andthe predetermined vicinity are, respectively, first wireless devices, afirst dummy identification, and a first predetermined vicinity; and themethod further comprises: determining that each of multiple secondwireless devices is associated with a second predetermined vicinity;determine respective identification information corresponding to each ofthe second wireless devices; and associate the respective identificationinformation corresponding to the second wireless devices to a seconddummy identification in response to determining that each of the secondwireless devices is associated with the second predetermined vicinity.11. The computer-implemented method of claim 10, wherein the respectiveidentification information corresponding to the wireless devicesincludes a distinct device identification corresponding to each of themultiple wireless devices.
 12. The computer-implemented method of claim9, wherein: associating the respective identification information to thedummy identification forms an association; and the dummy identificationcannot be used to send messages to the wireless devices without use ofthe association.
 13. The computer-implemented method of claim 9, whereinthe dummy identification associated with the respective identificationinformation for the multiple wireless devices is a single dummyidentification.
 14. The computer-implemented method of claim 9, furthercomprising: receiving a request from a requester relating to thepredetermined vicinity; and sending the dummy identification to therequester in response to (i) receiving the request and (ii) determiningthat the wireless devices are associated with the predeterminedvicinity.
 15. The computer-implemented method of claim 9, whereinassociating the respective identification information corresponding tothe wireless devices to the dummy identification includes associatingeach of the wireless devices to the dummy identification, wherein thedummy identification is associated with the predetermined vicinity. 16.The computer-implemented method of claim 9, further comprising sending,to a requester, the dummy identification and geographic informationcorresponding to the wireless devices.
 17. A computer-implementedmethod, for providing a privacy service, comprising: receiving, at aprivacy-service system having at least one computer server, from arequester, a request regarding a pre-identified vicinity; receiving, atthe privacy-service system, identification information corresponding toa wireless device associated with the pre-identified vicinity; andsending to the requester, from the privacy-service system, a dummyidentification corresponding to the wireless device.
 18. Thecomputer-implemented method of claim 17, wherein the request seekscommunication with a wireless device associated with the pre-identifiedvicinity.
 19. The computer-implemented method of claim 17, furthercomprising: determining, at the privacy-service system, locationinformation indicating a location of the wireless device; anddetermining, at the privacy-service system, that the wireless device isassociated with the pre-identified vicinity using the locationinformation.
 20. The computer-implemented method of claim 17, furthercomprising: determining, at the privacy-service system, that a privacysetting relating to the wireless device is set to allow communication oflocation information corresponding to the wireless device and disallowcommunication of the identification information; and the privacy-servicesystem, in response to determining that the privacy setting is set todisallow communication of the identification information, associatingthe identification information to the dummy identification, in a memory,to form a stored association between the identification information andthe dummy identification.